Phil Corwin of the Internet Commerce Association is worried that ICANN is trying to make URS a de facto consensus policy and thereby bring it to .com, which is still where most domainers have most of their assets.

this proposed Registry Agreement (RA) contains a provision through which staff is trying to preempt community discussion and decide a major policy issue through a contract with a private party. And that very big issue is whether Uniform Rapid Suspension (URS) should be a consensus policy applicable to all gTLDs, including incumbents like .Com and .Net.

…

ICANN needs to hear from the global Internet community, in significant volume, that imposing the URS on an incumbent gTLD is unacceptable because it would mean that ICANN staff, not the community, is determining that URS should be a consensus policy and thereby undermining the entire bottom-up policy process. Domain suspensions are serious business – in fact they were at the heart of the SOPA proposal that inspired millions of emails to the US Congress in opposition.

The concern about .com may be a bit over-stated.

Verisign’s current .com contract is presumptively renewed November 2018 provided that it adopts terms similar to those in place at the five next-largest gTLDs.

Given that .net is the second-largest gTLD, and that .net does not have URS, we’d have to either see .net’s volume plummet or at least five new gTLDs break through the 15 million domains mark in the next three years, both of which seem extraordinarily unlikely, for .com to be forced to adopt URS.

However, if URS has become an industry standard by then, political pressure could be brought to bear regardless.

Other changes to .pro and .cat contracts include a change in ICANN fees.

While .pro appears to have been on the standard new gTLD fee scheme since 2012, .cat is currently paying ICANN $1 per transaction.

Under the new contract, .cat would pay $0.25 per transaction instead, but its annual fixed fee would increase from $10,000 to $25,000.

New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.

That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.

Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.

The number of domains used to phish was 95,321, up 8.4% from the first half of the year.

However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.

In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.

According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.

Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.

New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.

That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.

Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:

Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.

XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.

In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.

But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:

XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.

APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.

It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:

Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.

The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.

APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.

UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.

According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.

Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.

According to Allegrevita, which until recently was working heavily with TLD Registry (“.chinesewebsite”) on its entry into the country, it’s “no longer ambiguous” that MIIT has asserted full oversight of the domain industry in China.

MIIT’s crackdown appears to be focused on the 93 Chinese registrars it has approved to do business.

Allegravita says these companies will not be allowed to sell unapproved TLD domains to Chinese registrants, but that existing registrations will be grandfathered:

by sometime in July 2015, the MIIT will not permit unapproved registries to operate or offer their domains for sale in China. The MIIT will not interfere with existing domain registrations for unapproved registries; however, new registrations will not be permitted to be sold by Chinese registrars to Chinese registrants.

Presumably, non-Chinese registrars will reap the benefits of this as Chinese would-be registrants look elsewhere to buy their domains.

China is an important market for many registries, particularly the low-cost ones.

Judging by MIIT’s web site, getting approval to sell your TLD in China involves a fairly stringent set of requirements, including having a local presence.

MIIT said in a press release last month that the “special action” is designed “to promote the healthy development of the Internet, to protect China’s Internet domain name system safe and reliable operation

Verisign has boosted its reportable .com domain count by almost 750,000 by starting to count expired and suspended names.

The change in methodology, which is a by-product of ICANN’s much more stringent Whois accuracy regime, happened on Friday afternoon.

Before the change, the company reported on its web site that there were 116,788,107 domains in the .com zone file, with another 167,788 names that were registered but not configured.

That’s a total of 116,955,895 domains.

But just a few hours later, the same web page said .com had a total of 117,704,800 names in its “Domain Name Base”.

That’s a leap of 748,905 pretty much instantly; the number of names in the zone file did not move.

.net jumped 111,110 names to 15,143,356.

The reason for the sudden spikes is that Verisign is now including two types of domain in its count that it did not previously. The web page states:

Beginning with the first quarter, 2015, the domain name base on this website and in subsequent filings found in the Investor Relations site includes domains that are in a client or server hold status.

I suspect that the bulk of the 750,000 newly reported names are on clientHold status, which I believe is used much more often than serverHold.

The clientHold EPP code is often applied by registrars to domains that have expired.

However, registrars signed up to the year-old 2013 Registrar Accreditation Agreement are obliged by ICANN to place domains on clientHold status if registrants fail to respond within 15 days to a Whois verification email.

The 2013 RAA reads (my emphasis):

Upon the occurrence of a Registered Name Holder’s willful provision of inaccurate or unreliable WHOIS information, its willful failure promptly to update information provided to Registrar, or its failure to respond for over fifteen (15) calendar days to inquiries by Registrar concerning the accuracy of contact details associated with the Registered Name Holder’s registration, Registrar shall either terminate or suspend the Registered Name Holder’s Registered Name or place such registration on clientHold and clientTransferProhibited, until such time as Registrar has validated the information provided by the Registered Name Holder.

Over the last several years, the average amount of names in the on-hold status category has been approximately 400,000 names and the net change year-over-year has been very small.

While still immaterial, during 2014, we saw an increase in the amount of names registrars have placed on hold status, which appears to be a result of these registrars complying with the new mandated compliance mechanisms in ICANN’s 2013 Registrar Accreditation Agreement or RAA.

In 2014, we saw an increase in domain names placed on hold status from roughly 394,000 names at the end of 2013 to about 870,000 at the end of 2014.

Verisign, the $7.5 billion .com domain gorilla, has sued upstart XYZ.com and CEO Daniel Negari for disparaging .com and allegedly misrepresenting how well .xyz is doing.

It’s the biggest legacy gTLD versus the biggest (allegedly) new gTLD.

The lawsuit focuses on some registrars’ habit of giving .xyz names to registrants of .com and other domains without their consent, enabling XYZ.com and Negari to use inflated numbers as a marketing tool.

The Lanham Act false advertising lawsuit was filed in Virginia last December, but I don’t believe it’s been reported before now.

Verisign’s beef is first with this video, which is published on the front page of xyz.com:

Verisign said that the claim that it’s “impossible” to find a .com domain (which isn’t quite what the ad says) is false.

The complaint goes on to say that interviews Negari did with NPR and VentureBeat last year have been twisted to characterize .xyz as “the next .com”, whereas neither outlet made such an endorsement. It states:

XYZ’s promotional statements, when viewed together and in context, reflect a strategy to create a deceptive message to the public that companies and individuals cannot get the .COM domain names they want from Verisign, and that XYZ is quickly becoming the preferred alternative.

As regular readers will be aware, .xyz’s zone file, which had almost 785,000 names in it yesterday, has been massively inflated by a campaign last year by Network Solutions to push free .xyz domains into customers’ accounts without their consent.

It turns out Verisign became the unwilling recipient of gtld-servers.xyz, due to it owning the equivalent .com.

According to Verisign, Negari has used these inflated numbers to falsely make it look like .xyz is a viable and thriving alternative to .com. The company claims:

Verisign is being injured as a result of XYZ and Negari’s false and/or misleading statements of fact including because XYZ and Negari’s statements undermine the equity and good will Verisign has developed in the .COM registry.

…

XYZ and Negari should be ordered to disgorge their profits and other ill-gotten gains received as a result of this deception on the consuming public.

The complaint makes reference to typosquatting lawsuits Negari’s old company, Cyber2Media, settled with Facebook and Goodwill Industries a few years ago, presumably just in order to frame Negari as a bad guy.

Verisign wants not only for XYZ to pay up, but also for the court to force the company to disclose its robo-registration numbers whenever it makes a claim about how successful .xyz is.

XYZ denies everything. Answering Verisign’s complaint in January, it also makes nine affirmative defenses citing among other things its first amendment rights and Verisign’s “unclean hands”.

While many of Verisign’s allegations appear to be factually true, I of course cannot comment on whether its legal case holds water.

But I do think the lawsuit makes the company looks rather petty — a former monopolist running to the courts on trivial grounds as soon as it sees a little competition.

I also wonder how the company is going to demonstrate harm, given that by its own admission .com continues to sell millions of new domains every quarter.

But the lesson here is for all new gTLD registries — if you’re going to compare yourselves to .com, you might want to get your facts straight first if you want to keep your legal fees down.